package com.snow.vpnclient.data;

import com.google.firebase.crashlytics.buildtools.reloc.org.apache.commons.codec.binary.Base32;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * @author liufq
 * @since 2023-03-27 21:17:58
 */
public enum LocalData {

    INSTANCE;

    public String tokenCode;

    public Integer tokenTime;

    public Integer getTokenTime() {
        if (tokenTime == null) {
            tokenTime = 30;
        }
        return tokenTime;
    }

    public void setTokenTime(Integer tokenTime) {
        this.tokenTime = tokenTime;
    }

    public String createCode(String secret, long timeMsec) {
        Base32 codec = new Base32();
        byte[] decodedKey = codec.decode(secret);
        // convert unix msec time into a 30 second "window"
        // this is per the TOTP spec (see the RFC for details)
        long t = (timeMsec / 1000L) / 30L;
        long hash;
        try {
            hash = verify_code(decodedKey, t);
        } catch (Exception e) {
            // Yes, this is bad form - but
            // the exceptions thrown would be rare and a static configuration problem
            e.printStackTrace();
            throw new RuntimeException(e.getMessage());
        }
        tokenCode = String.valueOf(hash);
        return tokenCode;
    }

    private static int verify_code(byte[] key, long t) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] data = new byte[8];
        long value = t;
        for (int i = 8; i-- > 0; value >>>= 8) {
            data[i] = (byte) value;
        }
        SecretKeySpec signKey = new SecretKeySpec(key, "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signKey);
        byte[] hash = mac.doFinal(data);
        int offset = hash[20 - 1] & 0xF;
        // We're using a long because Java hasn't got unsigned int.
        long truncatedHash = 0;
        for (int i = 0; i < 4; ++i) {
            truncatedHash <<= 8;
            // We are dealing with signed bytes:
            // we just keep the first byte.
            truncatedHash |= (hash[offset + i] & 0xFF);
        }
        truncatedHash &= 0x7FFFFFFF;
        truncatedHash %= 1000000;
        return (int) truncatedHash;
    }
}
